Kali Linux comes with Java 1.6 and 1.7 pre-installed. Unfortunately, it defaults to Java 1.6
which has a few issues. You'll need to tell Kali Linux to use Java 1.7 by default. Here's how:

32-bit Kali Linux:

update-java-alternatives --jre -s java-1.7.0-openjdk-i386

64-bit Kali Linx:

update-java-alternatives --jre -s java-1.7.0-openjdk-amd64

Getting Started (Everything else)

4. Help! I updated Metasploit with msfupdate and Armitage no longer works

You have an old version of Metasploit installed. The msfupdate command
updates the Ruby source code but it does not update the dependencies Metasploit and Armitage rely on.

Reinstall Metasploit. If you're a BackTrack Linux user--you must move over to Kali Linux. BackTrack
Linux is no longer supported.

5. I can't get Armitage to work. I see ______ error. What
do I do?

The best thing to do is search for a blog post written in poor
English. The older the better. Try everything in this blog post and then
email the developer telling him his software is broken. This is the
right course of action--every time!

Actually, no. If you're stuck, read the Armitage
startup troubleshooting guide. This same information is available if
you click Help from the Setup dialog. It covers every
startup error I have seen (with screenshots)

6. I do not see a Start MSF button, what is wrong with my Armitage?

Nothing. You're using the latest version of Armitage. The Start MSF button has been
taken away. The Connect button now intelligently detects whether Metasploit is running
locally or not. If Metasploit is not running, Armitage will ask you if you want it to start Metasploit.
I suggest pressing Yes.

You probably asked Metasploit GUI to start the Metasploit RPC server without SSL. Good job, Tiger! Armitage expects msfrpcd to listen for an SSL
connection. An SSL client can't connect to a non-SSL server. It doesn't work.

Start Armitage and click Connect. This is all you need to do. Armitage will prompt you and ask if you want it to start
Metasploit's RPC server.

I've seen a few videos and blogs misinform users that they should use msfgui to start Metasploit and then connect Armitage. I've never advised
anyone to take this approach. I don't know where it came from. Let this be a lesson for you, read the official documentation
and ignore the riff-raff.

8. Will you help me run Metasploit and Armitage on MacOS X or Windows?

No. I do not provide support for setting up Metasploit, its dependencies, and configuring your
environment on MacOS X or Windows.

Using Armitage

9. Can Armitage exploit Windows 7 and
Vista or is it Windows XP only?

I get this question, worded in this way, a lot. First, Armitage is a front-end that provides a workflow
and collaboration tools on top of Metasploit. The correct question is: does Metasploit have attacks that work
against Windows 7 and Windows Vista?

The answer is yes. Remote exploits against modern Windows versions are very rare. If you're
hoping for this, please put these days behind you. Microsoft has a lot of smart people and they've put a lot of work
into reducing mistakes that lead to exploitable conditions. They have also added mitigations to their software to
make it harder to turn a programmer's mistake into an attack.

Attackers do what works and they have moved on. Now, to break into a modern system, you need to attack the
applications the user is running and not the operating system. Client-side attacks against Internet Explorer,
Firefox, Adobe Reader, Adobe Flash, Apple QuickTime, and Java are very common. Metasploit is the cutting edge of what's
publicly available in this space.

Once you get a foothold, it's up to you to think like an attacker and use your position to gain
access to other systems. There are resources available for your learning. I suggest that you go
study them. If you're really serious about learning these ideas then invest in yourself and take a class.

10. Why can't I type in any of the tabs?

On Windows and MacOS X you have to click in the editbox to focus the
input area and type. This is a known issue. The editbox is at the bottom
of the tab. Just click in it until you see a blinking cursor.

11. Armitage picked the wrong LHOST, how do I fix it?

Type:

setg LHOST [your IP address]

That's it. Armitage uses this value to tell reverse connect attacks where to connect to. You do not need to reset Armitage's
listener when you change this value.

12. I can't get any exploits to work. What am I doing wrong?

Start with something that you know is exploitable. I recommend
downloading the Metasploitable virtual machine.
Hacking this will give you confidence that yes, exploits work and yes,
you're probably using Metasploit correctly.

Not all exploits work in all situations. Remember that you're sending
code to a system that is meant to trigger a flaw. If a firewall is on,
then maybe the data isn't getting to the service. Maybe you're running
a version of the software that no longer has the flaw.

Metasploit is not a magic key into other systems. Knowing what to use
in different situations is a skill and it comes with experience.

13. Why do the hosts in the targets area move back after I move them?

Armitage automatically arranges the hosts in the targets area by default. You can turn this behavior off.
Make sure no host is selected and right-click inside the targets area. Go to Auto Arrange ->
None.

14. What are the warning messages in the console I launched Armitage from?

These are harmless. They're debug output for me to read. I was too lazy to remove them. They always have
the form Warning: some message here at file.sl:##. The scary "Warning" text is from the
warn function in the language I used to write
Armitage. Ignore it.

15. How do I use Armitage against an Internet address?

There are no restrictions in the software. I recommend experimenting
with virtual machines on a private test network. If you choose to use
this tool against an internet host, make sure you have a letter of
permission from the system's owner.

Meta

16. What's the best way to learn how to use Armitage for Metasploit?

There are a lot of resources on both Armitage and Metasploit available to you. Here's a recommended order for you:

Penetration Testing with Cobalt Strike. This is a
seven-part video series with a lot of demonstrations. It will take you through the entire hacking process using
Armitage's big brother Cobalt Strike. Lectures 3 and 4 are Cobalt Strike specific. The rest of the material applies
to Armitage. This series is an update to last year's Armitage and Metasploit Training.

Hacking Linux with Armitage. This article will take you through the
entire network attack process using Armitage and the freely available Metasploitable virtual machine as a target. I recommend reading this article
and reproducing each step in it.

The Armitage Manual. Technically you should read this first. But, if you
didn't--I'll forgive you. This manual is a reference for Armitage. It doesn't give context like these other resources do. Still, you should read
it to understand what Armitage can do and the technical details of setting up different features. This manual is always accurate
with the latest version of Armitage.

Metasploit
Unleashed. This is a free course offered by the Offensive Security folks. To be really effective with Armitage, you'll need to understand
Metasploit. This course takes you through a lot of what Metasploit can do.

As a penetration tester, I find tools give me about 15% of what I need. The rest of my work is problem
solving, system administration, and luck. If you want to learn how to hack, don't neglect these skills
either. Here are a few other recommended items:

De-ICE Pen Test LiveCD. These CDs are
self-contained scenarios requiring you to use problem solving and Linux knowledge to penetration test a fake
company. Keep in mind, the answers are not obvious.

OWASP WebGoat
Project. This is a LiveCD environment with several web application attack scenarios. It will guide
you through the very basics of conducting a web application assessment.

17. Will you teach me to hack?

If you want my views on the hacking process and how to do it, then ask your organization to invite
me to teach a course at your location. I have materials, labs, and an exercise for a threat
emulation course. I've given this course several times now and my students have taken a lot from it.

18. Why does Armitage exist?

I've met too many security professionals who don't know how to use
Metasploit. Sadly, I was one of them. I've always felt Metasploit could use a
non-commercial GUI organized around the hacking process. So, I made
Armitage

Armitage exists to help security professionals better understand the
hacking process and appreciate what's possible with the powerful
Metasploit framework. Security professionals who understand hacking will
make better decisions to protect you and your information.

19. I'm a journalist (or a blogger), do you have images and other media that I may use?

Yes. Feel free to embed any of the screenshots or
videos into your article or blog post. If you'd like higher
resolution images, I'll provide PSD files of the key Armitage graphics
on request. Contact me and I'll do my best
to respond quickly.